[
https://issues.apache.org/jira/browse/NIFI-5737?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16659728#comment-16659728
]
ASF GitHub Bot commented on NIFI-5737:
--------------------------------------
Github user thenatog commented on the issue:
https://github.com/apache/nifi/pull/3102
+1
Reviewed the code changes. Most of the changes were related to tests. The
needClientAuth attribute is not used all that much in actual code. Tested
InvokeHTTP with trust/keystores set up, site-to-site and secure clustering.
Also tested insecure site-to-site and clustering. Tested using flow registry.
> Client Auth property no longer used
> -----------------------------------
>
> Key: NIFI-5737
> URL: https://issues.apache.org/jira/browse/NIFI-5737
> Project: Apache NiFi
> Issue Type: Improvement
> Components: Core Framework
> Reporter: Matt Gilman
> Assignee: Matt Gilman
> Priority: Minor
> Fix For: 1.8.0
>
>
> With the introduction of connection based load balancing, cluster
> communications can no longer be over 1-way SSL. Currently, the client auth
> property of nifi.properties only applied to these cluster communications. If
> set to false, a cluster will fail with the following exception:
> {code}
> javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
> {code}
> This property is not used currently for site-to-site which requires it to be
> `required` (which is the proposed solution here).
> This property is not used currently for Jetty which will `require` or `want`
> it based on the configured features.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
